Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl ) - ошибки и эксплоиты

[RU] switch to
English Version

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано: 20 декабря 2006 г.
Источник:
SecurityVulns ID: 6960
Тип: удаленная
Опасность: 5/10
Описание: Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.

Затронутые продукты: WAGORA : W-Agora 4.1
NOVELL : Netware 6.5
VALDERSOFT : Valdersoft Shopping Cart 3.0
TYPO3 : TYPO3 4.0
EYEOS : eyeOS 0.9
OBIEWEBSITE : Mini Web Shop 2.1
PARISTEMI : Paristemi 0.8
PHPPROFILES : phpProfiles 3.1
AZUCARCMS : Azucar CMS 1.3
CWMDESIGN : cwmVote 1.0
CWMDESIGN : cwmExplorer 1.0
CWMDESIGN : cwmCounter 1.0
VERLIADMIN : VerliAdmin 0.3
CVE: CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.)
CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.)

Оригинальный текст document SECUNIA, [SA23406] Novell NetWare Welcome web-app Cross-Site Scripting Vulnerability (20.12.2006)

SECUNIA, [SA23388] eyeOS File Upload Vulnerability (20.12.2006)

ajannhwt_(at)_hotmail.com, cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability (20.12.2006)

bd0rk_(at)_hackermail.com, cwmVote 1.0 File Include Vulnerability (20.12.2006)

document Cold Zero, PHPFanBase (protection.php) Remote File Include Vulnerability (20.12.2006)

nuffsaid, Azucar CMS <= 1.3 (_VIEW) Remote File Include Vulnerability (20.12.2006)

nuffsaid, phpProfiles <= 3.1.2b Multiple Remote File Include Vulnerabilities (20.12.2006)

nuffsaid, Paristemi 0.8.3b (buycd.php) Remote File Include Vulnerability (20.12.2006)

document bilkopat_(at)_hotmail.com, Valdersoft Shopping Cart v3.0 (E-Commerce Software)*****[ commonIncludePath ] Remote File Include (20.12.2006)

Daniel Fabian, [Full-disclosure] SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability (20.12.2006)

xx_hack_xx_2004_(at)_hotmail.com, Multiple Bugs in MINI WEB SHOP (20.12.2006)

document ShaFuq31_(at)_HoTMaiL.CoM, Burak Yilmaz Download Portal Sql Injection Vuln. (20.12.2006)

l.d.0_(at)_hotmail.com, xss in Support Cards v1 ( oSTicket ) (20.12.2006)

MustLive, Vulnerabilities в W-Agora (20.12.2006)

webmaster666_(at)_email.it, MkPortal Urlobox Cross Site Request Forgery (20.12.2006)

Файлы: cwmCounter Remote File Include Exploit
Exploits PHPUpdate <= 2.7 extract() auth bypass / shell inject
VerliAdmin <= 0.3 File Include Exploit
Обсудить: Прочитать или оставить комментарии к новости (0 комментариев)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород